Hello,
I use packer to build windows private AMIs.
My code works perfectly for Windows Server 2019 and 2022.
Today, I must build a Windows Server 2012 AMI.
When I start packer, everything is going fine until WinRM is supposed to be activated. But it never becomes available.
Here is the output of my script:
30/03/2023 15:03:01
We are building a Windows template
lets build AWS12
packer build -on-error=cleanup -force -color=false -var-file ./production.pkrvars.hcl -only=amazon-ebs.windows -var AWS_Region=eu-west-1 -var AWS_Subnet=subnet-09dea1005b9e039ce -var AWS_VPC=vpc-07a597dbe1bc6d0a0 -var aws_os_filter=Windows_Server-2012-R2-English-STIG-Full-202* -var InstanceType=t3.medium -var VMNAME=Windows-W2K12-230330 -var-file=W2K12.pkrvars.hcl ./Windows
==> amazon-ebs.windows: Force Deregister flag found, skipping prevalidating AMI Name
amazon-ebs.windows: Found Image ID: ami-05ea5147aa6a82322
==> amazon-ebs.windows: Creating temporary keypair: packer_6425a4a6-c2b5-fb0b-1e41-2a23d9f6d4fd
amazon-ebs.windows: Found Security Group(s): sg-0416234d02eef67b3, sg-075f33d2f0f72757c
==> amazon-ebs.windows: Launching a source AWS instance...
amazon-ebs.windows: Instance ID: i-0a954ed5f7ff8d54c
==> amazon-ebs.windows: Waiting for instance (i-0a954ed5f7ff8d54c) to become ready...
==> amazon-ebs.windows: Waiting for auto-generated password for instance...
amazon-ebs.windows: It is normal for this process to take up to 15 minutes,
amazon-ebs.windows: but it usually takes around 5. Please wait.
amazon-ebs.windows:
amazon-ebs.windows: Password retrieved!
==> amazon-ebs.windows: Using WinRM communicator to connect: 10.6.25.165
==> amazon-ebs.windows: Waiting for WinRM to become available...
real 8m21.604s
user 0m0.450s
sys 0m0.319s
I use the very same PowerShell script to enable WinRM. For other Windows operating systems, it works.
<powershell>
# MAKE SURE IN YOUR PACKER CONFIG TO SET:
#
#
# "winrm_username": "Administrator",
# "winrm_insecure": true,
# "winrm_use_ssl": true,
#
#
write-output "Running User Data Script"
write-host "(host) Running User Data Script"
Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore
# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"
# $ThePwd=ConvertTo-SecureString -String 'Azerty0IsGood!' -AsPlainText -Force
# New-LocalUser "PackerUser" -AccountNeverExpires -PasswordNeverExpires -FullName "User for packer" -Description "User for packer" -Password $ThePwd
# Add-LocalGroupMember -Group 'Administrators' -Member "PackerUser"
# Remove HTTP listener (removes every existing listener, HTTP and HTTPS alike)
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse
# Create a self-signed certificate to let ssl work (subject/DnsName "packer", stored in LocalMachine\My)
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
# Create the HTTPS listener on all addresses, bound to that certificate (default HTTPS port 5986)
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force
# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"
# quickconfig also (re)creates the default HTTP listener on 5985 and its firewall rule
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
# Re-applies port, hostname and thumbprint to the HTTPS listener created above
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
# Legacy "netsh firewall" context (deprecated since 2008 R2); opens inbound TCP/5986
cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
# Restart the service so the new config and listener are picked up, and make it start automatically
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm
</powershell>
I quickly created a T3.medium EC2 running Windows Server 2012 R2, and executed the script above, without any error.
My security groups open ports TCP/3389 and TCP/5986.
- How can I enable WinRM on Windows Server 2012 R2?
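An added diagnostic script (not from the original post) to run elevated on the 2012 R2 instance after the user data has executed: it checks each piece the script above configures (service state, HTTPS listener, firewall rule, and that port 5986 really serves the listener's certificate over TLS). It assumes the post's values: listener port 5986 and certificate DnsName "packer".

```powershell
# Added diagnostic, not part of the original post. Assumes the values used in the post.
$ExpectedPort = 5986
$ExpectedHost = 'packer'   # DnsName of the self-signed certificate created by the user data

function Get-WinRmListeners {
    # One object per listener under WSMan:\localhost\Listener (Transport, Port, cert thumbprint)
    Get-ChildItem WSMan:\localhost\Listener | ForEach-Object {
        $p = Get-ChildItem $_.PSPath
        [pscustomobject]@{
            Transport  = ($p | Where-Object { $_.Name -eq 'Transport' }).Value
            Port       = [int]($p | Where-Object { $_.Name -eq 'Port' }).Value
            Thumbprint = ($p | Where-Object { $_.Name -eq 'CertificateThumbprint' }).Value
        }
    }
}

function Test-WinRmTls {
    # Opens a raw TLS session to the listener and reports which certificate it actually serves.
    param([string]$ComputerName = 'localhost', [int]$Port = 5986, [string]$TargetHost = 'packer')
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($ComputerName, $Port)
        # Accept any certificate here: we only read the served cert, we do not make a trust decision.
        $cb  = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($TargetHost)
        [pscustomobject]@{ Connected = $true; Protocol = $ssl.SslProtocol
                           Thumbprint = $ssl.RemoteCertificate.GetCertHashString()
                           Subject = $ssl.RemoteCertificate.Subject }
    } catch {
        [pscustomobject]@{ Connected = $false; Error = $_.Exception.Message }
    } finally { $tcp.Close() }
}

$svc = Get-Service -Name WinRM
"WinRM service: $($svc.Status), start mode: $((Get-WmiObject Win32_Service -Filter "Name='WinRM'").StartMode)"

$https = Get-WinRmListeners | Where-Object { $_.Transport -eq 'HTTPS' -and $_.Port -eq $ExpectedPort }
if ($https) { "OK: HTTPS listener on $ExpectedPort, cert $($https.Thumbprint)" }
else { "FAIL: no HTTPS listener on port $ExpectedPort"; Get-WinRmListeners | Format-Table }

# Firewall: is there an enabled inbound allow rule for TCP/5986? (the post uses the legacy netsh syntax)
$rule = Get-NetFirewallPortFilter | Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq "$ExpectedPort" } |
        Get-NetFirewallRule | Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
if ($rule) { "OK: inbound firewall rule(s): $($rule.DisplayName -join ', ')" } else { "FAIL: no enabled inbound allow rule for TCP/$ExpectedPort" }

$tls = Test-WinRmTls -Port $ExpectedPort -TargetHost $ExpectedHost
if ($tls.Connected -and $https -and $tls.Thumbprint -eq $https.Thumbprint) { "OK: TLS on $ExpectedPort serves the listener certificate ($($tls.Protocol))" }
else { "FAIL: TLS check: $($tls | Out-String)" }

# Hardening note: with winrm_use_ssl, Packer does not need AllowUnencrypted on the service side.
if ((Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value -eq 'true') { "WARN: service AllowUnencrypted is true; not required when Packer connects over HTTPS" }
```

If every check passes on the instance but Packer still waits, the remaining suspect is the path from the Packer host to the private address shown in the log (10.6.25.165): reachability of that subnet and the security groups on that route.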